Alexey Dobriyan <[email protected]> wrote:
>
> VT1: while true; do grep xfs /proc/slabinfo; done
> VT2: rm -rf linux-vanilla
Yup, we have a buffer overrun in /proc/slabinfo.
From: Andrew Morton <[email protected]>
The recent vsnprintf() fix introduced an off-by-one, and it's now possible to
overrun the target buffer by one byte. Fix it so that local variable `end'
_really_ points at the last writeable byte.
[[email protected]: make the `size==0' case work properly]
Signed-off-by: Jeremy Fitzhardinge <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
---
lib/vsprintf.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff -puN lib/vsprintf.c~vsnprintf-fix lib/vsprintf.c
--- a/lib/vsprintf.c~vsnprintf-fix
+++ a/lib/vsprintf.c
@@ -259,7 +259,9 @@ int vsnprintf(char *buf, size_t size, co
int len;
unsigned long long num;
int i, base;
- char *str, *end, c;
+ char *str; /* Where we're writing to */
+ char *end; /* The terminal '\0' (if any) */
+ char c;
const char *s;
int flags; /* flags to number() */
@@ -283,7 +285,10 @@ int vsnprintf(char *buf, size_t size, co
}
str = buf;
- end = buf + size;
+ if (size > 0)
+ end = buf + size - 1;
+ else
+ end = buf;
/* Make sure end is always >= buf */
if (end < buf) {
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
